One of the big stories of the last month has been the hacking of the Sony Pictures corporate network. For the last few weeks we’ve heard of the disclosures of Sony employees’ private emails, salaries and the like, leading up to this week’s decision of Sony Pictures to postpone the premiere and subsequent showings of their movie The Interview, after receiving threats of “9/11 type attacks” on theaters showing the film.
When it was just the employee data being released, the talking heads in the media treated it more as a bad joke gone wrong that was played on Sony by some hackers. With the subsequent postponing of the film’s release and the assertion by the State Department that this was a cyberattack with ties to the North Korean government, the giggling turned into a “How dare they take away our freedom!” chorus that frankly is every bit as ridiculous as the first reaction.Was it the North Koreans who were responsible? From everything I’ve seen, the answer is probably yes. This might come as a surprise to some of you, who make the mistake of thinking of North Korea as a technologically backwards state. While it’s true that most of the citizens of North Korea don’t have access to what we consider first world technology, the leadership and military most definitely does; otherwise they wouldn’t have nuclear warheads. And while they may not have the same level of technology as their neighbor to the south does, they do have the money to hire outside experts.
The attacks on Sony followed the same scenario (and used the same virus) as was used in attacks on South Korean banks and media companies last year. They also bore some resemblance to an attack two years ago at Saudi Aramco (the Saudi national oil company) carried out by one of North Korea’s only allies – Iran.
So, what was our government’s reaction? On the one hand, you have Senator John McCain screaming that the hack was an “act of war.” How the hacking of a Japanese corporation’s internal network is considered an act of war against the US is something we can’t quite get our heads around, but we digress.
On the other hand, you have President Obama calling it “cybervandalism”. This is closer to the truth than McCain’s comment, though it still isn’t accurate. Cyberblackmail is what we’d call it; it’s more serious than vandalism but definitely can’t by any sane logic be considered an act of war.The US reportedly has asked China to help block future attacks from North Korea. Why China? China is North Korea’s main ally, and the country’s telecommunications rely on Chinese-operated networks. The ironic thing about the request is that the Chinese almost had to be aware of the attack from the beginning, and hence complicit to some degree, but we digress again.
What the attack did do is, once again, highlight the real lack of security in the cyber world we rely on so much today. I’m old enough to remember life without ATMs or card readers. I remember life before barcodes. I remember when almost all business records and correspondence were kept on paper instead of on a hard drive. Without computers, we’d fall back at least 50 years in our business practices, not to mention all the other places where computers have become essential. Can you imagine a modern hospital without computers monitoring patients, storing records and the like, for example? But, every week we hear of another company, another bank, another retail chain being hacked; it’s only a matter of time before something that really matters gets taken down.
We will spend over a half trillion dollars on national defense in the upcoming year. We’ll use that money to buy planes that our top military commanders see no need for, keeping bases open and providing vendor contracts for no other reason than it helps a powerful Congressthing’s district; the list of waste that we the taxpayers pay for is long and sordid. Wouldn’t it be much better to take a fair portion of that $500 billion and spend it instead on secure networking infrastructure? To train more people in the field of cybersecurity, knowing that when they get out of the service, they’ll have a useful background to offer industry? Our dependence on computers is our greatest security risk; it’s time we went to work on patching it up.